CVE-2025-8851

A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The patch is identified as 8a7a48d7a645992ca83062b3a1873c951661e2b3. It is recommended to apply a patch to fix this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
5.3 MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
libtifflibtiff
𝑥
< 2024-08-11
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tiff
bullseye
unimportant
bullseye (security)
unimportant
bookworm
unimportant
bookworm (security)
unimportant
trixie
4.7.0-3
fixed
forky
4.7.1-1
fixed
sid
4.7.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tiff
plucky
Fixed 4.5.1+git230720-4ubuntu4.1
released
noble
Fixed 4.5.1+git230720-4ubuntu2.3
released
jammy
Fixed 4.3.0-6ubuntu0.11
released
focal
Fixed 4.1.0+git191117-2ubuntu0.20.04.14+esm1
released
bionic
Fixed 4.0.9-5ubuntu0.10+esm8
released
xenial
Fixed 4.0.6-1ubuntu0.8+esm18
released
trusty
Fixed 4.0.3-7ubuntu0.11+esm15
released
qtwebengine-opensource-src
plucky
needs-triage
noble
needs-triage
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
texmaker
plucky
needs-triage
noble
needs-triage
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
gdal
plucky
not-affected
noble
not-affected
jammy
not-affected
focal
not-affected
bionic
not-affected
xenial
needs-triage
trusty
needs-triage
neuron
plucky
not-affected
noble
not-affected
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
Common Weakness Enumeration
References
http://www.libtiff.org/
https://gitlab.com/libtiff/libtiff/-/commit/8a7a48d7a645992ca83062b3a1873c951661e2b3
https://vuldb.com/?ctiid.319382
https://vuldb.com/?id.319382
https://vuldb.com/?submit.624604
https://vuldb.com/?submit.624604